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IN THE CLAIMS 



Amended claims follow: 



1 . (Original) A method for preventing an outbreak of malicious code, comprising: 

a) identifying malicious code at a local location on a network; 

b) encrypting information relating to the mahcious code at the local location; 

c) sending the encrypted information relating to the malicious code to a plurality of 
remote locations utilizing the network; and 

d) blocking instances of the malicious code at the remote locations for a 
predetermined amount of time based on the information; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and IP address associated with the malicious 
code. 

2. (Original) The method as recited in claim 1 , wherein the malicious code is at 
least one of a virus, worm, and Trojan. 

3. (Original) The method as recited in claim 1, wherein the information relating to 
the malicious code includes an identification of the source of the malicious code, 
wherein communications originating at the identified source are denied access to 
the remote locations for the predetermined amount of time. 

4. (Original) The method as recited in claim 1 , further comprising registering at 
least one of a name and checksum of a file containing the malicious code as a 
known threat. 
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5. (Original) The method as recited in claim 1, further comprising executing 
countermeasures for limiting the effect of the malicious code at the local 
location. 

6. (Original) The method as recited in claim 1, wherein the instances of the 
malicious code are identified based on at least one of a file name and a 
checksum of the malicious code. 

7. (Original) The method as recited in claim I, wherein additional information 
about the malicious code is retrieved if an aspect of the malicious code is not 
recognized. 

8. (Original) A computer program product for managing an outbreak of malicious 
code, comprising: 

a) computer code for identifying malicious code at a local location on a network; 

b) computer code for encrypting information relating to the malicious code at the 
local location; 

c) computer code for sending the encrypted information relating to the malicious 
code to a plurality of remote locations utilizing the network; and 

d) computer code for blocking instances of the malicious code at the remote 
locations for a predetermined amount of time based on the information; 

e) wherein the infomiation is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and IP address associated with the malicious 
code. 

9. (Original) A system for preventing an outbreak of malicious code, comprising: 

a) logic for identifying malicious code at a local location on a network; 

b) logic for encrypting information relating to the malicious code at the local 
location; 
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c) logic for sending the encrypted information relating to the malicious code to a 
plurality of remote locations utilizing the network; and 

d) logic for blocking instances of the malicious code at the remote locations for a 
predetermined amount of time based on the information; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and IP address associated with the malicious 
code. 

1 0. (Original) A method for preventing an outbreak of malicious code, comprising: 

a) identifying malicious code at a local location on a network; 

b) gathering information relating to the malicious code at the local location; 

c) sending the information relating to the malicious code to a remote location 
utilizing the network; and 

d) blocking instances of the malicious code at the remote location; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and source of the malicious code. 

11. (Original) The method as recited in claim 10, wherein the malicious code is at 
least one of a virus, worm, and Trojan. 

12. (Original) The method as recited in claim 1 0, wherein the instances of the 
malicious code are blocked at the remote location for a predetermined amount of 
time based on the information. 

13. (Original) The method as recited in claim 10, wherein the information relating to 
the malicious code includes an identification of the source of the malicious code, 
v^^herein communications originating at the identified source are denied access to 
the remote locations. 
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1 4. (Original) The method as recited in claim 1 0, further comprising registering a 
name of a file of the malicious code as a known threat. 

15. (Original) The method as recited in claim 10, wherein the malicious code is 
recognized based at least in part on recognizing that a source of the malicious 
code is registered as a known threat. 

16. (Original) The method as recited in claim 10, further comprising executing 
countermeasures for limiting the effect of the malicious code at the local 
location. 

17. (Original) A computer program product for preventing an outbreak of mahcious 
code, comprising: 

a) computer code for identifying malicious 'code at a local location on a network; 

b) computer code for gathering information relating to the malicious code at the 
local location; 

c) computer code for sending the information relating to the malicious code to a 
remote location utilizing the network; and 

d) computer code for blocking instances of the malicious code at the remote 
location; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and source of the malicious code. 

1 8. (Original) A system for preventing an outbreak of malicious code, comprising: 

a) logic for identifying malicious code at a local location on a network; 

b) logic for gathering information relating to the malicious code at the local 
location; 

c) logic for sending the information relating to the malicious code to a remote 
location utilizing the network; and 
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d) logic for blocking instances of the malicious code the remote location; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severit>% reporting server, and source of the malicious code. 

1 9. (Original) A method for denying access to a hacker, comprising: 

a) identifying an attack by a hacker at a local location on a network; 

b) encrypting information relating to the attack at the local location; 

c) sending the encrypted information relating to the attack to a plurality of remote 
locations utilizing the network; and 

d) restricting access to the remote locations for a predetermined amount of time 
based on the information; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and IP address associated with the attack. 

20. (Original) The method as recited in claim 1 9, wherein the attack attempts to 
create a denial of service. 

21 . (Original) The method as recited in claim 19, wherein the information relating to 
the attack includes an identification of the source of the attack, wherein 
communications originating at the identified source are denied access to the 
remote locations for the predetermined amount of time. 

22. (Original) The method as recited in claim 21 » further comprising registering the 
source of the attack as a known threat. 

23. (Original) The method as recited in claim 1 9, wherein the attack is recognized 
based at least in part on recognizing that the source of the attack is registered as 
a known threat. 
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24. (Original) The method as recited in claim 1 9, further comprising executing 
countermeasures for limiting the effect of the attack at the local location. 

25. (Original) The method as recited in claim 1 9, wherein additional information 
about the attack is retrieved if an aspect of the attack is not recognized. 

26. (Original) A computer program product for denying access to a hacker, 
comprising: 

a) computer code for identifying an attack by a hacker at a local location on a 
network; 

b) computer code for encrypting information relating to the attack at the local 
location; 

c) computer code for sending the encrypted information relating to the attack to a 
plurality of remote locations utilizing the network; and 

d) computer code for restricting access to the remote locations for a predetermined 
amount of time based on the information; 

e) for wherein the information is selected from the group consisting of a type, 
context, protocol, severity, reporting server, and IP address associated with the 
attack. 

27. (Original) A system for denying access to a hacker, comprising: 

a) logic for identifying an attack by a hacker at a local location on a network; 

b) logic for encrypting information relating to the attack at the local location; 

c) logic for sending the encr>'pted information relating to the attack to a plurality of 
remote locations utilizing the network; and 

d) logic for restricting access to the remote locations for a predetermined amount of 
time based on the information; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and IP address associated with the attack. 
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28. (Original) A method for denying access to a hacker, comprising: 

a) identifying an attack by a hacker at a local location on a network; 

b) gathering information relating to the attack at the local location; 

c) sending the information relating to the attack to a remote location utiHzing tlie 
network; and 

d) restricting access to the remote location; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and source of the attack. 

29. (Original) The method as recited in claim 28, wherein the attack attempts to 
create a denial of service. 

30. (Original) The method as recited in claim 28, wherein the access to the remote 
location is restricted for a predetermined amount of time based on the 
information. 

31 . (Original) The method as recited in claim 28, wherein the information relating to 
the attack includes an identification of the source of the attack, wherein 
communications originating at the identified source are denied access to the 
remote locations. 

32 (Original) The method as recited in claim 3 1 , further comprising registering the 
source of the attack as a known threat. 

33. (Original) The method as recited in claim 28, wherein the attack is recognized 
based at least in part on recognizing that a source of the attack is registered as a 
known threat. 
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34. (Original) The method as recited in claim 28, further comprising executing 
countermeasures for limiting the effect of the attack at the local location. 

35. (Original) A computer program product for denying access to a hacker, 
comprising: 

a) computer code for identifying an attack by a hacker at a local location on a 
network; 

b) computer code for gathering information relating to the attack at the local 
location; 

c) computer code for sending the information relating to the attack to a remote 
location utilizing the network; and 

d) computer code for restricting access to the remote location; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and source of the attack. 

36. (Original) A system for denying access to a hacker, comprising: 

a) logic for identifying an attack by a hacker at a local location on a network; 

b) logic for gathering information relating to the attack at the local location; 

c) logic for sending the information relating to the attack to a remote location 
utilizing the network: and 

d) logic for restricting access to the remote location; 

e) wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and source of the attack, 

37. (Original) A method for preventing an outbreak of malicious code, comprising: 

a) identifying malicious code at a local location on a network; 

b) wherein the malicious code is at least one of a virus, worm and, Trojan; 
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c) wherein the malicious code is recognized based at least in part on recognizing 
that at least one of a checksum and a file name of the malicious code is 
registered as a known threat; 

d) encrypting information relating to the malicious code at the local location, 
wherein the information is selected from the group consisting of a type, context, 
protocol, severity, reporting server, and IP address associated with the malicious 
code; 

e) sending the encrypted information relating to the malicious code to a plurality of 
remote locations utilizing the network; 

f) restricting access to the remote locations by communications originating at the 
source of the malicious code for a predetermined amount of time based on the 
information; 

g) executing countermeasures for limiting the effect of the malicious code at the 
local location; and 

h) retrieving additional information about the malicious code if an aspect of the 
attack is not recognized. 

38. (New) The method as recited in claim K wherein the information includes a 
type, context, protocol, severity, reporting ser\'er, and IP address associated with 
the malicious code. 

39. (Ne\v) The method as recited in claim 38, wherein the type is selected from the 
group consisting of an unwanted message attempt, and a denial of service 
attack. 

40. (New) The method as recited in claim 38, wherein the context is selected from 
the group consisting of a virus name, a subject, a mail header, and a magic 
number for a message. 
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41 . (New) The method as recited in claim 1 , further comprising attempting to 
identify a source of the malicious code, and, if the source is identified, retrieving 
information about the source from a database. 

42. (New) The method as recited in claim 1, wherein additional information relating 
to the maHcious code is retrieved from a database if the malicious code is not 
identified in conjunction with an event at the local location on the network. 
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